Welcome to Part 8 of this review of the Pluralsight course Exploring Android Studio by Larry Schiefer.
Larry Schiefer is the CTO and co-founder of HiQES, a mobile, embedded, and application development service company. Larry has over 16 years of experience leading teams, and designing and developing high performance and robust software, and is a Google GDE.
Also in this series:
Part 1 – Introduction
Part 2 – Setting Up Android Studio
Part 3 – Migrating to Android Studio
Part 4 – SDK Tools
Part 5 – Creating Apps
Part 6 – Building and Debugging
Part 7 – Library Projects
Part 8 – Building a Release Package
Part 9 – Advanced Features
Part 10 – The Gradle Build System
Part 11 – The Android Gradle Plugin
Building a Release Package
In order to push out our app to an app store, we need to produce a release APK. This is an app package which is cleaned up for release and signed with a release key.
A release APK does not allow Java debuggers to attach to our app’s process.
They often uses Proguard to obfuscate the generated Java class and .dex files, however Proguard is not covered in this course.
At the time of writing there are no Pluralsight courses covering Proguard😦
The key represents an individual, corporate or orgnaizational entity associated with the app and is valid for at least 25 years.
The key can be self-signed.
We do this using a command prompt:
>keytool -genkey -v -keystore demo.keystore -alias demo_key -keyalg RSA -keysize 2048 -validity 10000
Enter keystore password:
Re-enter new password:
What is your first and last name?
What is the name of your orgnaizational unit?
What is the name of your orgnaization?
What is the name of your City or Locality?
What is the name of your State or Province?
What is the two-letter country code for this unit?
Building the Release package
As at v0.4.6 Android Studio tool for building the release package were incomplete.
We see a GUI wizard for creating signed keys and this can be used instead of the command line we used in the previous lesson.
We use jarsigner to verify our APK has a valid signature, and we do this in the command prompt:
>jarsigner -verify -verbose app\app.apk
Larry also mentions the AAPT tool, which dumps out information about our APK. We can use this from the Android Studio Terminal.
The information that this returns tells us our APK is debuggable, which is not what we want.
I believe this issue was been resolved in a later version of Android Studio, so don’t worry about everything Larry says here.